<?php
/**
 * Authentication class   
 * 
 * @author Renan Henrique Abreu <renanhabreu@gmail.com>
 * @package Nucleo
 * @subpackage Nucleo.Controller
 * @version 1.0
 * @date 27-07-2009
 * @copyright 2009-2010 Renan Abreu
 * <code>
 * <?php
 * $r  = new Nucleo_Controller_Acl();
 * //all
 * $r->addRole('user1',array('Allow');
 * // all controllers of the module 				
 * $r->addRole('user2',array('modulo1'=>Array('allow'))); 
 * //all actions of the controller
 * $r->addRole('user3',array('modulo1'=>Array('controller1'=>Array('allow') ))); 
 * //action1 of the controller
 * $r->addRole('user3',array('modulo1'=>Array('controller1'=>Array('action1'=>'allow') )));
 * 
 * Nucleo_Acl_Acl::isAllowed('user1','module1','index'); //true or false *  * 				
 * ?>
 * </code>
 */
class Nucleo_Controller_Authentication{
	static private $roles = null;
	static private $session_acl; //nome da sessao para autenticacao


	/**
	 * Set session name for authentication
	 * @param String nome da sessao
	 */
	static public function setSesionNameAcl($session = null){
		self::$session_acl = $session;	
		session_start(); //inicializa sessoes
	}
	
	/**
	 * Get session of authentication
	 * @return String
	 */
	static public function getSessionAcl(){
		return $_SESSION[self::$session_acl];
	}

	/**
	 * Get name session of authentication
	 * @return string Nome da sessao
	 */
	static public function getNameSessionAcl(){
		return self::$session_acl;
	}
	
	/**
	 * Add roles for authentication
	 * 
	 * @param String user name
	 * @param Array moduleName=>Array(controllerName=>Array(actionName=>'allow')) //default false
	 * @deprecated deprecated since version 2.0.4
	 */
	public function addRoleForPermission($user,$role = Array('*')){		
		self::addRole($user,$role);		
	}
	
	/**
	 * Add roles for authentication
	 * 
	 * @param String user name
	 * @param Array moduleName=>Array(controllerName=>Array(actionName=>'allow')) //default false
	 * 
	 */
	static public function addRole($user,$role = Array('*'),$permission = 'allow'){
		
		$role = array_pad($role,4,'0');
		$user       	= current($role);
		$module     	= next($role);
		$controller 	= next($role);
		$action     	= next($role);
						
		self::$roles[$user] = Array($module=>Array($controller=>Array($action=>$permission)));
	}
	
	/**
	 * check if user have the permission
	 * @param String module name
	 * @param String controller name
	 * @param String action name
	 * @return Boolean True or False
	 */
	static public function isAllowed($module,$controller,$action){
		$aut = true;
		// * == all users
		if(!self::allowed('*',$module,$controller,$action)){
			$user = $_SESSION[self::$session_acl]; 
			$aut = self::allowed($user,$module,$controller,$action);
		}		
		
		return $aut;
	}
	
	/**
	 * Check permission of user
	 * @param String user name
	 * @param String module name
	 * @param String controller name
	 * @param String action name
	 * @return True or False
	 */
	static private function allowed($user,$module = '0',$controller = '0',$action = '0'){
		$aut = true;
		
		// verificando a arvore de regras
		if(isset(self::$roles)){
			if(!self::check(self::$roles[$user]['0']['0']['0']))//All modules
				if(!self::check(self::$roles[$user][$module]['0']['0'])) //All module controllers 
					if(!self::check(self::$roles[$user][$module][$controller]['0']))//All controller actions
						if(!self::check(self::$roles[$user][$module][$controller][$action]))
							$aut = false;
		}
		
		return $aut;
	}
	
	/**
	 * Check if role exists
	 * @param array roles
	 * @return boolean 
	 */
	static private function check($array){
		$retorno = false;
		if(isset($array))
			$retorno = ($array === 'allow');
		return $retorno;			
	}
}

?>